This week’s Cloud Security News is brought to you by JupiterOne and Hunters. Click on their names to find out more about them.
- Microsoft released a blog this week confirming that in December 2021 it mitigated a vulnerability in the Azure Automation service. Microsoft shared that, because of the vulnerability, a user running an automation job in an Azure Sandbox could have acquired the Managed Identity tokens of other automation jobs, gaining access to resources within the Automation Account’s Managed Identity. Microsoft thanked Yanir Tsarimi of Orca Security, who reported the vulnerability, and confirmed that it has not detected evidence of misuse of tokens. Orca Security has named this vulnerability AutoWarp: a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions the customer had assigned. You can read Orca Security’s blog here and Microsoft’s disclosure here.
- On more things Microsoft! They have recently announced the public preview of CloudKnox Permissions Management, an extension of CloudKnox Security, which they acquired in July of last year. This leans into their multicloud vision and is intended to offer detailed visibility into all identities, the permissions they have been granted and the permissions they actually use, across your cloud infrastructure, so you can uncover any action performed by any identity on any resource. This is not limited to user identities; it also includes workload identities such as virtual machines, access keys, containers, and scripts, across the three key cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. The dashboard gives you an overview of your organization’s permission profile so you can locate the riskiest identities and resources across your infrastructure. You can read all about it here.
- Google announced this week the preview release of Declarative Export for Terraform in the Google Cloud CLI. Now what is that, you may say? Declarative Export allows you to export the current state of your Google Cloud infrastructure into a descriptive file compatible with Terraform (HCL) or Google’s KRM declarative tooling. A common gap in IaC workflows on Google Cloud is how to actually create an HCL Terraform file describing all of your Google Cloud resources and their states if your organisation did not start its cloud journey this way. As Google describes it, “It would be like trying to draw up the blueprints for the house after the house was already built, step by step, by people in the field without documentation of what happened or in what order.” Declarative Export makes it easier to migrate existing Google Cloud resources to Terraform. It also protects you from incorrect configurations and drift. You can read all about it here.
- A few years ago you may have heard of Knative, an open source, Kubernetes-based platform for building, deploying, and managing serverless and event-driven applications. It was founded by Google in 2018 and subsequently developed in close partnership with IBM, Red Hat, VMware, and SAP. The project has since grown thanks to the collaboration and contributions of more than 1,800 different individuals in the community. Knative brings the ability to build and deploy serverless components in the context of Kubernetes. It’s a meta platform, a platform of platforms: it is meant for platform companies to build an additional application layer exposed to developers. While Knative comes with the core building blocks and the infrastructure needed for serverless, it lacks the developer experience layer. Platform companies including Google, IBM, VMware, and Red Hat have built additional tooling on top of Knative to enhance the developer experience.
- This week the Cloud Native Computing Foundation accepted Knative as an incubating project. So what does that mean? Reports are that the acceptance of Knative by the CNCF is a critical milestone in the evolution of the project, as the community will embrace Knative with more confidence, resulting in the accelerated adoption of serverless technologies. Read more about this here.
- Researchers at security consultancy Kloudle have found that they were able to bypass both Google Cloud Platform (GCP) and Amazon Web Services (AWS) web application firewalls simply by sending a POST request larger than 8 KB. Google Cloud Armor provides a rule-based policy framework that Google Cloud Platform customers can use to mitigate various types of common web application attacks. The Cloud Armor service has a documented limitation of 8 KB as the maximum size of web request that it will inspect. According to Kloudle, “This is similar to the well-documented 8 KB limitation of the AWS web application firewall, however, in the case of Cloud Armor, the limitation is not as widely known and is not presented to customers as prominently as the limitation in AWS.” The issue can be exploited by crafting an HTTP POST request with a body larger than Cloud Armor’s 8 KB limit: anything beyond that limit is not inspected, so an attacker who knows about the limitation is better placed to exploit any vulnerabilities that may be present in the underlying application. If you are a Google Cloud customer using Cloud Armor, you can configure a custom Cloud Armor rule to block HTTP requests whose body is larger than 8192 bytes. You can read more about this here, and Kloudle’s article on the 8 KB limitation for AWS WAF here.
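To make the mitigation concrete, here is an added Python model (not Google’s or Kloudle’s code) of a Cloud Armor-style policy: rules fire in priority order, a stand-in signature rule sees only the first 8 KB of the body, and a higher-priority custom rule denies any request whose body exceeds 8192 bytes. The rule expression it mirrors, `int(request.headers['content-length']) > 8192`, the fallback for a missing Content-Length header, and the policy layout are assumptions of this example, not details taken from the page.

```python
from dataclasses import dataclass, field
from typing import Callable

INSPECTION_LIMIT = 8192  # documented size of the request body Cloud Armor inspects

@dataclass
class Request:
    headers: dict
    body: bytes

@dataclass(order=True)
class Rule:
    priority: int                      # lower number is evaluated first
    action: str
    match: Callable[[Request], bool] = field(compare=False)

def body_over_limit(req: Request) -> bool:
    """Mirror of the custom rule int(request.headers['content-length']) > 8192
    (assumed expression). Assumption of this model: a missing Content-Length
    falls back to the real body length, so a chunked body is still sized."""
    declared = req.headers.get("content-length")
    size = int(declared) if declared is not None else len(req.body)
    return size > INSPECTION_LIMIT

def signature_rule(req: Request) -> bool:
    """Stand-in for a preconfigured WAF rule (constructed pattern, not a real
    signature). As documented for the service, it sees only the first 8 KB."""
    return b"<script" in req.body[:INSPECTION_LIMIT].lower()

def evaluate(policy: list[Rule], req: Request) -> str:
    """Return the action of the first matching rule, else the default allow."""
    for rule in sorted(policy):
        if rule.match(req):
            return rule.action
    return "allow"

WEAK_POLICY = [Rule(1000, "deny-403", signature_rule)]
HARDENED_POLICY = [Rule(900, "deny-403", body_over_limit),
                   Rule(1000, "deny-403", signature_rule)]

def make_post(body: bytes) -> Request:
    """Constructed sample request with an honest Content-Length header."""
    return Request({"content-length": str(len(body))}, body)
```

Evaluating both policies against a request with a 9000-byte body shows the weak policy allowing it (the bytes beyond 8 KB are never examined) and the hardened policy denying it before the signature rule is reached.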
- Axonius, which you may have previously heard about on Cloud Security Podcast, closed a $200 million Series E funding round at a $2.6 billion valuation this week. Best known for its cybersecurity asset management platform, Axonius was founded in 2017 and to date has raised a total of $655M. You can find out more about this here.
- This last one isn’t cloud security news, but it caught our attention. AWS has launched a customer carbon footprint tool, so customers can now calculate the environmental impact of their AWS workloads. The forecasted emissions are based on current usage and show how a customer’s carbon footprint will change as Amazon works to power its operations with 100% renewable energy by 2025, five years ahead of its original target of 2030, and drives toward net-zero carbon by 2040 as part of The Climate Pledge. It makes us wonder what the other cloud providers are doing for positive climate impact; if you know of some, send it through to us at www.cloudsecuritypodcast.tv, and read more about this news here.
- A last little tidbit to leave you with: last week we covered research shared by Mandiant about COLDDRAW ransomware. Hot off the press, Google has announced its intent to acquire Mandiant, stating that it has signed a definitive agreement to acquire Mandiant, Inc., a leader in dynamic cyber defense and response, for $23.00 per share in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash. Upon the close of the acquisition, Mandiant will join Google Cloud. With the addition of Mandiant, Google Cloud hopes to further enhance its security offerings and deliver an end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments. Do let us know your thoughts on this acquisition and how it plays into Google’s cloud security. Read more on this here.